
Monday, April 14, 2008

Script Type PHP :)

Update 2008/03/15: I have removed preg_replace and added DOM classes to parse and manage, in a better way, script nodes that contain PHP code. Everything is inside a simple PHP 5 compatible class. Finally, please remember that this is a layer between <?php ?> and JavaScript, and only an experiment ;)

Here you can read another example, where the difference between server, output, and client should be clearer than in the previous one.

// here we are between the server and output, known as client
$hello = ucwords('hello php world');

// imagine that we would like to use a variable
// defined somewhere in the server
global $something;

// we could even include or require php files
// perform database operations and everything else
</script>
<script type="text/javascript">
onload = function(){
    // here we are in the client, on window load event
    alert($hello);
    alert($something);
};
</script>
</head>
<body>
<?php
// here we are in the server side
// we could do what we do every day without problems
$something = '<div>Hello Body</div>';
echo $something;
?>
</body>
</html>

-------------------------------

This is a little experiment to emulate a script tag with PHP. The final result will be something like this one:

Of course, we need to include this file before we write a single character in the layout (spaces included), so to obtain the expected result, just save the above code in a file called, for example, php_script_handler.php, and put it before the layout.

The evil eval? Yes, absolutely ... but first of all, this is only a simple experiment, secondly, the page will not be sent before evaluation, so there's no way from the client side to inject malicious code.

The main problem is true interoperability between these two languages, JavaScript, and PHP, but did I say that this is only an experiment? :P

Finally, I agree about strpos, but in this case I absolutely know what I am doing and there's no way to have a false positive with that check. The reason is simple: type="text" cannot be the first char, and if it is, the output is nonsense.

Anyway, I removed preg_replace_callback (please read the update) because with DOM classes, there's no reason to prefer a regex with problems if some var inside contains, for example, a < /script> in a string.
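The same "</script> in a string" hazard exists on the way out, when PHP values are written into the JavaScript block for calls such as alert($something). The following is an added example, not the handler from this post: export_naive() and export_to_js() are hypothetical helpers, the sample value is constructed, and the hardened version assumes PHP 7.3 or later for JSON_THROW_ON_ERROR.

```php
<?php
// Added example: hypothetical helpers, not the php_script_handler.php code.

// Naive export: the value is only quoted for JavaScript. A "</script>"
// inside it still closes the script element in the browser's HTML parser,
// and whatever follows is parsed as markup.
function export_naive(string $name, string $value): string {
    return 'var $' . $name . " = '" . addslashes($value) . "';";
}

// Hardened export: JSON-encode every value with the HEX flags, so that
// <, >, &, ' and " are emitted as \u003C, \u003E, \u0026, \u0027 and \u0022.
// The HTML parser never sees a tag; JavaScript decodes the original string.
function export_to_js(array $vars): string {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR; // fail loudly on invalid UTF-8 and the like
    $lines = [];
    foreach ($vars as $name => $value) {
        // Only plain identifiers may become JavaScript variable names.
        if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $name)) {
            throw new InvalidArgumentException('invalid variable name');
        }
        // Keep the "$" prefix so the client code can write alert($hello).
        $lines[] = 'var $' . $name . ' = ' . json_encode($value, $flags) . ';';
    }
    return implode("\n", $lines);
}

// Wrap the exported variables in a script element for the page head.
function render_script(array $vars): string {
    return "<script type=\"text/javascript\">\n"
         . export_to_js($vars)
         . "\n</script>";
}

// Constructed sample: a server-side value that contains a closing script tag.
$hello     = ucwords('hello php world');
$something = '</script><div>Hello Body</div>';

echo "naive:\n", export_naive('something', $something), "\n\n";
echo "hardened:\n", render_script(['hello' => $hello, 'something' => $something]), "\n";
```

Run it from the command line and compare the two outputs: only the naive line contains a literal closing tag.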